Critical Infrastructure Digitalization and Resilience (CIDR) in Kosovo

Summary

Critical Infrastructure Digitalization and Resilience (CIDR) is a five-year regional program managed by DAI for the U.S. Agency for International Development (USAID)’s Bureau for Europe and Eurasia.

CIDR’s country teams work with partner governments and local stakeholders to: 1) accelerate cybersecurity workforce development, 2) empower organizations to identify and address cybersecurity threats, 3) strengthen cybersecurity governance, and 4) facilitate the sharing of cyber threat information.

Details

Aim

USAID, through CIDR, aims to help its partner countries improve their cybersecurity posture so critical infrastructure entities are more resilient and can continue to provide citizens with essential services. CIDR partner countries are Albania, Georgia, Kosovo, Moldova, Montenegro, North Macedonia, and Serbia.

Context

Countries in Eastern Europe are facing more diverse and complex cyberattacks targeting critical infrastructure. In response, the CIDR program is assisting partner governments and institutions to protect infrastructure such as energy, telecom, finance, and e-services from these malicious attacks.

Kosovo Focus

The CIDR program in Kosovo works with the Office of the Prime Minister, Ministry of Interior, the private sector, and other key partners to: 1) lead multi-stakeholder working groups that build consensus around cybersecurity priorities within critical infrastructure, 2) define requirements and compliance for critical infrastructure entities, and 3) assure activities align with the national cybersecurity strategy.

The CIDR/Kosovo activity is scheduled to run from June 2022 to December 2024.

Activities

• Facilitate stakeholder collaboration. The multi-stakeholder, government-led Critical Infrastructure Cybersecurity Working Group (CICWG) discusses key issues and develops understanding and recommendations for strengthening national cybersecurity.
• Expert-led policy consultation. CIDR consults on international best practices for cybersecurity policy and laws, assists on drafting sub-laws that define requirements and compliance for critical infrastructure entities, and conducts regulatory impact assessment.
• Develop Domain Name System (DNS) Strategy. CIDR is spearheading development of a national DNS strategy that aligns with the national cybersecurity strategy, including drafting a DNS strategy and action plan and providing actionable guidance to local stakeholders and critical infrastructure operators; CIDR provides expert-led workshops for partner operators on DNS for integrated cyber defense, capacity building, and technical assistance.
• Inform policymakers, operators. CIDR through CICWG meetings informs policymakers and CI operators from six sectors, addressing third-party risks in IT and cybersecurity service delivery and implementation of new legal frameworks for cybersecurity in national CI.
• Assist critical infrastructure entities. CIDR is helping key infrastructure to understand their cybersecurity postures so they can mitigate weaknesses and seize on opportunities to build resilience against disruptions to information systems.